Difference between revisions of "Firewall SuSE"

From AMule Project FAQ
 
Line 2: Line 2:
  
 
'''NOTE:''' This document has been tested on [http://www.suse.com SuSE Linux 8.2]
 
'''NOTE:''' This document has been tested on [http://www.suse.com SuSE Linux 8.2]
 +
 +
== Using [http://www.suse.com SuSE Linux] as a client machine ==
 +
 +
If you run [http://www.suse.com SuSE Linux] on your client machine which runs a firewall itself, you need to do the following to allow the correct ports to come through:
 +
 +
You basically need to allow [http://www.faqs.org/faqs/internet/tcp-ip/resource-list TCP] and [http://www.faqs.org/rfcs/rfc768.html UDP] ports 4662 and 4672 to be open.
 +
 +
Open ''/etc/sysconfig/SuSEfirewall2'', and locate ''FW_SERVICES_EXT_TCP'' and ''FW_SERVICES_EXT_UDP''. Now add to both of these the above ports:
 +
 +
''FW_SERVICES_EXT_TCP="4662 4672"''<br>
 +
''FW_SERVICES_EXT_UDP="4662 4672"''
 +
 +
Note that you should keep ports that are already in there.
 +
 +
After making these changes save the file.
  
 
== Using [http://www.suse.com SuSE Linux] as a router/firewall ==
 
== Using [http://www.suse.com SuSE Linux] as a router/firewall ==
  
If you use [http://www.suse.com SuSE Linux] on your router/firewall to connect to the internet you can do the following to forward the ports used by e/amule to your client: You need to set your firewall to forward all connections coming to it on ports 4662 and 4672 in tcp and udp to your internal client machine.
+
If you use [http://www.suse.com SuSE Linux] on your router/firewall to connect to the internet you can do the following to forward the ports used by [[aMule]]/[[eMule]]/etc to your [[client]]:
  
Open /etc/sysconfig/SuSEfirewall2, and locate FW_FORWARD_MASQ (it's in 14.). Now, assuming your client's ip is 192.168.0.3, set this to this value:
+
Set your firewall to forward all connections coming to it thorugh ports 4662 and 4672 in [http://www.faqs.org/faqs/internet/tcp-ip/resource-list TCP] and [http://www.faqs.org/rfcs/rfc768.html UDP] to your internal client machine.
  
FW_FORWARD_MASQ="0/0,192.168.0.3,tcp,4662 0/0,192.168.0.3,udp,4662 0/0,192.168.0.3,tcp,4672 0/0,192.168.0.3,udp,4672"
+
Open ''/etc/sysconfig/SuSEfirewall2'' and locate ''FW_FORWARD_MASQ'' (it's in ''14.''). Now, assuming your client's [http://www.faqs.org/rfcs/rfc791.html IP] is 192.168.0.3, set this to this value:
  
(Note that a rule like "0/0,192.168.0.3,tcp,4662" simply means that incoming tcp connections over port 4662 from any address (0/0) will be forwarded to your the machine 192.168.0.3, on the same port.)
+
''FW_FORWARD_MASQ="0/0,192.168.0.3,tcp,4662 0/0,192.168.0.3,udp,4662 0/0,192.168.0.3,tcp,4672 0/0,192.168.0.3,udp,4672"''
  
For this to work, you have to have FW_ROUTE (5.) set to "yes" in the same file.
+
Note that a rule like ''"0/0,192.168.0.3,tcp,4662"'' simply means that incoming  [http://www.faqs.org/faqs/internet/tcp-ip/resource-list TCP] connections through port 4662 from any address (0/0) will be forwarded to your the machine 192.168.0.3 on the same port.)
  
After making these changes, save the file and then start yast. Go to "Security and users" (or similar), and there choose "Firewall". Now simply go through all dialogs and finish them; at the end it will restart your firewall with these new rules.
+
For this to work, you have to have ''FW_ROUTE'' (in ''5.'') set to ''"yes"'' in the same file.
Watch out; depending on your config you can lock yourself out of your (remote) machine!
+
To restart the firewall you can *probably* also do
+
# /sbin/SuSEfirewall2 stop; /sbin/SuSEfirewall2 start
+
  
 +
After making these changes, save the file.
  
== Using [http://www.suse.com SuSE Linux] as a client machine ==
+
== For both: Restarting the firewall ==
  
If you run SuSE on your client machine which runs a firewall itself, you need to do the following to allow the correct ports to come through: You basically need to allow tcp and udp ports 4662 and 4672 to be open.
+
Once you finish configurating the firewall, yuo must restart the firewall daemon for the changes to take effect.
  
Open /etc/sysconfig/SuSEfirewall2, and locate FW_SERVICES_EXT_TCP and FW_SERVICES_EXT_UDP. Now add to both of these the above ports:
+
You can restart [http://susefaq.sourceforge.net/articles/firewall/fw_manual.html SuSEfirewall2] through two different ways:
FW_SERVICES_EXT_TCP="4662 4672"
+
FW_SERVICES_EXT_UDP="4662 4672"
+
Note that you should keep ports that are already in there.
+
  
After making these changes, you can restart the SuSEfirewall2 (thanks g-maverick) by running:
+
#Restarting the daemon
 +
#Through [http://www.suse.de/en/private/products/suse_linux/prof/yast.html YaST]
 +
 
 +
Use the first one whenever possible. If you can't then restart the firewall through [http://www.suse.de/en/private/products/suse_linux/prof/yast.html YaST].
 +
 
 +
=== The clean way: Restart the daemon ===
 +
 
 +
'''Thanks to g-maverick for this tip.'''
 +
 
 +
Just run:
  
 
''/sbin/SuSEfirewall2 stop && /sbin/SuSEfirewall2 start''
 
''/sbin/SuSEfirewall2 stop && /sbin/SuSEfirewall2 start''
  
but be aware that if you are connected to the router remotely, if something failed during this process, this could terminate your connection and so, leave the router in an accessible way.
+
Be aware that if you are connected to the router remotely, if something failed during this process, this could terminate your connection and so, leave the router in an accessible way.
 +
 
 +
=== The dirty way: [http://www.suse.de/en/private/products/suse_linux/prof/yast.html YaST] gives us a hand ===
 +
 
 +
Start [http://www.suse.de/en/private/products/suse_linux/prof/yast.html YaST]. Go to "Security and users" (or similar), and once there choose "Firewall". Now simply go through all dialogs and end up with them. At the end it will restart your firewall with these new rules.
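Review bot: The added remote-restart warning under "The clean way" says a failed restart could "leave the router in an accessible way", but the removed line it replaces warned that you can "lock yourself out of your (remote) machine", so "inaccessible" looks intended and should be stated outright. The added "Note that a rule like ..." line keeps the closing ")" while dropping the opening "(" from the old line, and still reads "to your the machine". The added text also introduces the typos "thorugh", "configurating" and "yuo", and "go through all dialogs and end up with them" is less clear than the old "finish them".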

Revision as of 22:41, 11 November 2004

By Tuxlover

NOTE: This document has been tested on SuSE Linux 8.2

Using SuSE Linux as a client machine

If you run SuSE Linux on your client machine which runs a firewall itself, you need to do the following to allow the correct ports to come through:

You basically need to allow TCP and UDP ports 4662 and 4672 to be open.

Open /etc/sysconfig/SuSEfirewall2, and locate FW_SERVICES_EXT_TCP and FW_SERVICES_EXT_UDP. Now add to both of these the above ports:

FW_SERVICES_EXT_TCP="4662 4672"
FW_SERVICES_EXT_UDP="4662 4672"

Note that you should keep ports that are already in there.

After making these changes save the file.

Using SuSE Linux as a router/firewall

If you use SuSE Linux on your router/firewall to connect to the internet you can do the following to forward the ports used by aMule/eMule/etc to your client:

Set your firewall to forward all connections coming to it through ports 4662 and 4672 in TCP and UDP to your internal client machine.

Open /etc/sysconfig/SuSEfirewall2 and locate FW_FORWARD_MASQ (it's in 14.). Now, assuming your client's IP is 192.168.0.3, set it to this value:

FW_FORWARD_MASQ="0/0,192.168.0.3,tcp,4662 0/0,192.168.0.3,udp,4662 0/0,192.168.0.3,tcp,4672 0/0,192.168.0.3,udp,4672"

Note that a rule like "0/0,192.168.0.3,tcp,4662" simply means that incoming TCP connections through port 4662 from any address (0/0) will be forwarded to the machine 192.168.0.3 on the same port.

For this to work, you have to have FW_ROUTE (in 5.) set to "yes" in the same file.

After making these changes, save the file.
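
The two edits above (adding ports while keeping the existing ones, and building the FW_FORWARD_MASQ value with FW_ROUTE enabled), as an added shell example that is not part of the original FAQ. The function names are hypothetical and the sample values are constructed:

```shell
#!/bin/sh
# Added example: helpers for the SuSEfirewall2 variables discussed above.
# Function names are hypothetical; list entries are treated as plain tokens.

# merge_ports "EXISTING LIST" PORT... : print the list with missing ports
# appended, so ports that are already in there are kept.
merge_ports() {
    result=$1; shift
    for p in "$@"; do
        case " $result " in
            *" $p "*) ;;                          # already present
            *) result="${result:+$result }$p" ;;  # append once
        esac
    done
    printf '%s\n' "$result"
}

# masq_rules CLIENT_IP PORT... : print a FW_FORWARD_MASQ value that forwards
# each port from any source (0/0) to the client over tcp and udp.
masq_rules() {
    ip=$1; shift; out=
    for p in "$@"; do
        for proto in tcp udp; do
            out="${out:+$out }0/0,$ip,$proto,$p"
        done
    done
    printf '%s\n' "$out"
}

# check_forwarding "FW_FORWARD_MASQ" "FW_ROUTE" CLIENT_IP PORT... : return 0
# only if routing is on and every expected rule is present.
check_forwarding() {
    current=$1; route=$2; client=$3; shift 3; status=0
    [ "$route" = "yes" ] || { echo 'FW_ROUTE is not "yes"'; status=1; }
    for rule in $(masq_rules "$client" "$@"); do
        case " $current " in
            *" $rule "*) ;;
            *) echo "missing rule: $rule"; status=1 ;;
        esac
    done
    return $status
}

# Constructed sample values, not read from a real system.
FW_SERVICES_EXT_TCP=$(merge_ports "22 80" 4662 4672)
FW_FORWARD_MASQ=$(masq_rules 192.168.0.3 4662 4672)
echo "FW_SERVICES_EXT_TCP=\"$FW_SERVICES_EXT_TCP\""
echo "FW_FORWARD_MASQ=\"$FW_FORWARD_MASQ\""
check_forwarding "$FW_FORWARD_MASQ" yes 192.168.0.3 4662 4672 && echo "forwarding OK"
```
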

For both: Restarting the firewall

Once you finish configuring the firewall, you must restart the firewall daemon for the changes to take effect.

You can restart SuSEfirewall2 in two different ways:

  1. Restarting the daemon
  2. Through YaST

Use the first one whenever possible. If you can't, then restart the firewall through YaST.

The clean way: Restart the daemon

Thanks to g-maverick for this tip.

Just run:

/sbin/SuSEfirewall2 stop && /sbin/SuSEfirewall2 start

Be aware that if you are connected to the router remotely and something fails during this process, your connection could be terminated, leaving the router inaccessible.

The dirty way: YaST gives us a hand

Start YaST. Go to "Security and users" (or similar), and once there choose "Firewall". Now simply go through all the dialogs and finish them. At the end it will restart your firewall with these new rules.